https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372301#M303734 <HTML><HEAD></HEAD><BODY><P>Thanks lot Federico,</P><P></P><P>I have one more request,</P><P></P><P>I have the four inside interfaces and one DMZ interface. For each inside interface users have to access the Terminal Server authenticate by AAA using different Username and Password.</P><P></P><P>thanks once again</P><P>S.Rajkumar</P></BODY></HTML> Thu, 22 Apr 2010 09:25:41 GMT singraj2001 2010-04-22T09:25:41Z https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372299#M303732 <P>Hi,</P><P></P><P class="MsoNormal" style="margin: 0cm 0cm 10pt;"><SPAN style="font-variant: normal !important; color: #000000; ">I Have ASA 5520 In My Network, Here From Inside Users Have To Access The Terminal Server Which Is Located In DMZ. If I Want To Access The Terminal Server From Inside Users It Has To Authenticate By AAA Local Database.</SPAN></P> Mon, 11 Mar 2019 00:04:03 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372299#M303732 singraj2001 2019-03-11T00:04:03Z https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372300#M303733 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I believe you can do the following:</P><P></P><P>username user password pass</P><P>access-list ACL_AAA permit tcp INSIDE_NETWORK mask host DMZ_SERVER eq 3389</P><P>aaa authentication match ACL_AAA inside LOCAL</P><P></P><P>In this way, when the INSIDE_NETWORK requests to the RD server on the DMZ arrives to the inside interface of the ASA, there's an ACL that's going to match that traffic and also match the aaa authentication for the local database on the ASA.</P><P></P><P>On the ASA, the command ''sh uauth'' shows if the users are getting authenticated or not.</P><P></P><P>Federico.</P></BODY></HTML> Fri, 16 Apr 2010 03:01:20 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372300#M303733 Federico Coto Fajardo 2010-04-16T03:01:20Z https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372301#M303734 <HTML><HEAD></HEAD><BODY><P>Thanks lot Federico,</P><P></P><P>I have one more request,</P><P></P><P>I have the four inside interfaces and one DMZ interface. For each inside interface users have to access the Terminal Server authenticate by AAA using different Username and Password.</P><P></P><P>thanks once again</P><P>S.Rajkumar</P></BODY></HTML> Thu, 22 Apr 2010 09:25:41 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372301#M303734 singraj2001 2010-04-22T09:25:41Z https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372302#M303735 <HTML><HEAD></HEAD><BODY><P>You can try the following:</P><P></P><P>Create a local database of users:</P><P></P><P>username user1 password pass1<BR />username user2 password pass2<BR />username user3 password pass3<BR />username userx password passx</P><P></P><P>Create an object-group that groups the four inside networks and apply the object-group to the ACL:</P><P></P><P>access-list ACL_AAA permit tcp object-group INSIDE_NETWORKS mask host DMZ_SERVER eq 3389</P><P></P><P>Specify the ACL on the AAA rule:</P><P><BR />aaa authentication match ACL_AAA inside LOCAL</P><P></P><P>Federico.</P></BODY></HTML> Thu, 22 Apr 2010 17:19:18 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372302#M303735 Federico Coto Fajardo 2010-04-22T17:19:18Z https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372303#M303736 <HTML><HEAD></HEAD><BODY><P>Thanks federico</P></BODY></HTML> Fri, 23 Apr 2010 00:39:37 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372303#M303736 singraj2001 2010-04-23T00:39:37Z https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372304#M303737 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>When try to configure below comments,</P><P></P><P></P><P>Create a local database of users:<BR /> <BR />username user1 password pass1<BR />username user2 password pass2<BR />username user3 password pass3<BR />username userx password passx<BR /> <BR />Create an object-group that groups the four inside networks and apply the object-group to the ACL:<BR /> <BR />access-list ACL_AAA permit tcp object-group INSIDE_NETWORKS mask host DMZ_SERVER eq 3389<BR /> <BR />Specify the ACL on the AAA rule:</P><P>aaa authentication match ACL_AAA inside LOCAL</P><P></P><P>I am facing the error which I discribed below,</P><P></P><P>ASA does not support interactive authentication for the rules that are applied to traffic other than FTP, HTTP, HTTPS, Telnet and SSH. </P></BODY></HTML> Wed, 16 Jun 2010 09:09:11 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication/m-p/1372304#M303737 singraj2001 2010-06-16T09:09:11Z